Stream auth and activity logs to an external provider

This is an experimental feature.

With Portainer 2.20 and later, you can configure the streaming of Portainer's authentication and activity logs to an external Security Information and Event Management (SIEM) system in Syslog format. This is done via CLI flags when starting the Portainer container.

Available CLI flags

Example usage

The following is an example docker run command to start Portainer using the above options to stream logs to a SIEM provider at syslog.mydomain.com on UDP port 514.

As the flags are Portainer options, they must be specified after the image specification.

docker run -d -p 8000:8000 -p 9443:9443 \
    --name portainer \
    --restart=always \
    -v /var/run/docker.sock:/var/run/docker.sock \
    -v portainer_data:/data \
    portainer/portainer-ee:2.23.0 \
    --syslog-addr=syslog.mydomain.com \
    --syslog-port=514 \
    --syslog-source-hostname="my-portainer-instance"
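
To confirm on the receiving side that events arrive and carry the hostname set with --syslog-source-hostname, the following added example (not part of the Portainer documentation) parses incoming syslog datagrams. It assumes the header follows RFC 3164 or RFC 5424, since this page does not state which layout Portainer emits; the sample message and the test port 5514 are constructed.

```python
import re
import socket

EXPECTED_HOST = "my-portainer-instance"  # --syslog-source-hostname value from the page

_PRI = re.compile(r"^<(\d{1,3})>")
# Assumed header layouts (the page does not say which one Portainer emits).
_RFC5424 = re.compile(r"^(\d{1,2}) (\S+) (\S+) (.*)$", re.S)
_RFC3164 = re.compile(r"^([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)

def parse_syslog(datagram: bytes) -> dict:
    """Split one syslog datagram into facility, severity, timestamp, hostname, message."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n")
    pri = _PRI.match(text)
    if not pri or int(pri.group(1)) > 191:  # facility 23, severity 7 is the maximum
        raise ValueError("missing or invalid <PRI> header")
    rest = text[pri.end():]
    m = _RFC5424.match(rest)
    if m:
        _version, ts, host, msg = m.groups()
    else:
        m = _RFC3164.match(rest)
        if not m:
            raise ValueError("unrecognised syslog header")
        ts, host, msg = m.groups()
    value = int(pri.group(1))
    return {"facility": value >> 3, "severity": value & 7, "timestamp": ts,
            "hostname": host, "message": msg,
            "from_expected_host": host == EXPECTED_HOST}

def receive(sock: socket.socket, count: int) -> list:
    """Read `count` datagrams from a bound UDP socket; keep parse failures visible."""
    records = []
    for _ in range(count):
        data, peer = sock.recvfrom(65535)
        try:
            rec = parse_syslog(data)
        except ValueError as exc:
            rec = {"error": str(exc), "raw": data[:200]}
        rec["peer"] = peer[0]
        records.append(rec)
    return records

if __name__ == "__main__":
    # Constructed sample, not captured Portainer output.
    sample = b"<14>1 2024-11-20T10:15:30Z my-portainer-instance portainer - - - constructed event"
    print(parse_syslog(sample))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", 5514))  # test port (assumption); 514 typically needs elevated privileges
        print(receive(s, 1))
```

A hostname mismatch or a parse failure on the collector is worth alerting on, since plain UDP syslog neither authenticates the sender nor guarantees delivery.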
